package net.adamcin.httpsig.api;

import java.util.Collection;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;

/* loaded from: input_file:WEB-INF/lib/httpsig-api-1.3.0.jar:net/adamcin/httpsig/api/DefaultVerifier.class */
public final class DefaultVerifier implements Verifier {
    public static final long DEFAULT_SKEW = 300000;
    private final Keychain keychain;
    private final KeyId keyId;
    private final long skew;
    private final boolean strictRequestTarget;

    /* loaded from: input_file:WEB-INF/lib/httpsig-api-1.3.0.jar:net/adamcin/httpsig/api/DefaultVerifier$CanVerifyId.class */
    private static class CanVerifyId implements KeyId {
        private KeyId delegatee;

        private CanVerifyId(KeyId keyId) {
            this.delegatee = keyId;
        }

        @Override // net.adamcin.httpsig.api.KeyId
        public String getId(Key key) {
            if (key == null || !key.canVerify()) {
                return null;
            }
            return this.delegatee.getId(key);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/httpsig-api-1.3.0.jar:net/adamcin/httpsig/api/DefaultVerifier$KeychainGuard.class */
    private static class KeychainGuard implements Keychain {
        private final Keychain keychain;

        private KeychainGuard(Keychain keychain) {
            this.keychain = keychain;
        }

        @Override // net.adamcin.httpsig.api.Keychain
        public Set<Algorithm> getAlgorithms() {
            return this.keychain.getAlgorithms();
        }

        @Override // net.adamcin.httpsig.api.Keychain
        public Keychain filterAlgorithms(Collection<Algorithm> collection) {
            return new KeychainGuard(this.keychain.filterAlgorithms(collection));
        }

        @Override // net.adamcin.httpsig.api.Keychain
        public Keychain discard() {
            return new KeychainGuard(this.keychain.discard());
        }

        @Override // net.adamcin.httpsig.api.Keychain
        public Key currentKey() {
            return this.keychain.currentKey();
        }

        @Override // net.adamcin.httpsig.api.Keychain
        public Map<String, Key> toMap(KeyId keyId) {
            return this.keychain.toMap(keyId);
        }

        @Override // net.adamcin.httpsig.api.Keychain, java.util.Collection
        public boolean isEmpty() {
            return this.keychain.isEmpty();
        }

        @Override // java.lang.Iterable
        public Iterator<Key> iterator() {
            return this.keychain.iterator();
        }
    }

    public DefaultVerifier(Keychain keychain) {
        this(keychain, null, DEFAULT_SKEW, false);
    }

    DefaultVerifier(Keychain keychain, boolean z) {
        this(keychain, null, DEFAULT_SKEW, z);
    }

    public DefaultVerifier(Keychain keychain, KeyId keyId) {
        this(keychain, keyId, DEFAULT_SKEW, false);
    }

    public DefaultVerifier(Keychain keychain, KeyId keyId, long j) {
        this(keychain, keyId, j, false);
    }

    private DefaultVerifier(Keychain keychain, KeyId keyId, long j, boolean z) {
        this.keychain = keychain != null ? new KeychainGuard(keychain) : new KeychainGuard(new DefaultKeychain());
        this.keyId = new CanVerifyId(keyId != null ? keyId : Constants.DEFAULT_KEY_IDENTIFIER);
        this.skew = j;
        this.strictRequestTarget = z;
    }

    public Keychain getKeychain() {
        return this.keychain;
    }

    @Override // net.adamcin.httpsig.api.Verifier
    public long getSkew() {
        return this.skew;
    }

    public void setSkew(long j) {
    }

    @Override // net.adamcin.httpsig.api.Verifier
    public Key selectKey(Authorization authorization) {
        return this.keychain.toMap(this.keyId).get(authorization.getKeyId());
    }

    @Override // net.adamcin.httpsig.api.Verifier
    public boolean verify(Challenge challenge, RequestContent requestContent, Authorization authorization) {
        return verifyWithResult(challenge, requestContent, authorization) == VerifyResult.SUCCESS;
    }

    @Override // net.adamcin.httpsig.api.Verifier
    public VerifyResult verifyWithResult(Challenge challenge, RequestContent requestContent, Authorization authorization) {
        if (challenge == null) {
            throw new IllegalArgumentException("challenge cannot be null");
        }
        if (requestContent == null) {
            throw new IllegalArgumentException("requestContent cannot be null");
        }
        if (authorization == null) {
            throw new IllegalArgumentException("authorization cannot be null");
        }
        for (String str : challenge.getHeaders()) {
            if (!str.startsWith(":") && !authorization.getHeaders().contains(str)) {
                return VerifyResult.CHALLENGE_NOT_SATISFIED;
            }
        }
        Iterator<String> it = authorization.getHeaders().iterator();
        while (it.hasNext()) {
            if (requestContent.getHeaderValues(it.next()).isEmpty()) {
                return VerifyResult.INCOMPLETE_REQUEST;
            }
        }
        if (authorization.getHeaders().contains(Constants.HEADER_DATE) && this.skew >= 0) {
            Date dateGMT = requestContent.getDateGMT();
            Date time = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
            Date date = new Date(time.getTime() - this.skew);
            Date date2 = new Date(time.getTime() + this.skew);
            if (dateGMT.before(date) || dateGMT.after(date2)) {
                return VerifyResult.EXPIRED_DATE_HEADER;
            }
        }
        Key selectKey = selectKey(authorization);
        return selectKey == null ? VerifyResult.KEY_NOT_FOUND : selectKey.verify(authorization.getAlgorithm(), requestContent.getBytesToSign(authorization.getHeaders(), Constants.CHARSET), authorization.getSignatureBytes()) ? VerifyResult.SUCCESS : (this.strictRequestTarget || !authorization.getHeaders().contains(Constants.HEADER_REQUEST_TARGET)) ? VerifyResult.FAILED_KEY_VERIFY : selectKey.verify(authorization.getAlgorithm(), requestContent.getContent(authorization.getHeaders(), Constants.CHARSET), authorization.getSignatureBytes()) ? VerifyResult.SUCCESS : VerifyResult.FAILED_KEY_VERIFY;
    }
}
